This listing of claims will replace all prior versions, and listings, of claims in the
application.

Listing of Claims: 

1. (currently amended) A method for improving processor virtualization in x86
processor architectures and their equivalents, including but not limited to the IA32
architecture, said method comprising:

removing, replacing, or supplementing one or more predefined instructions in 
a guest operating system that adversely affect virtualization for a hybrid virtual 
machine operating on an x86 processor with synthetic instructions that cause at least 
one exception to be trappable by a virtualization layer, wherein said synthetic 
instructions are illegal to said architecture; and

using at least one of said synthetic instructions to enable direct execution on a
physical processor of instructions issued by said guest operating system;

wherein said at least one of said synthetic instructions is executed from within
guest kernel code.

2. (currently amended) The method of claim 1 wherein said one or more predefined
instructions include a member of the following group of instructions: PUSH CS,
PUSH SS, MOV from SS, CALLF, VERR, VERW, and LAR. 

3. (original) The method of claim 1 wherein an instruction that adversely affects
virtualization on an x86 processor is either replaced with or supplemented by a
synthetic instruction that causes an exception in the x86 processor that is then trapped
by a virtual machine running on said x86 processor for processing by said virtual
machine.

4. (original) The method of claim 3 wherein, for a first virtual machine running on a
second virtual machine, an instruction that is either replaced with or supplemented by
a synthetic instruction to cause an exception in the x86 processor that is then trapped
by said first virtual machine running on said x86 processor for processing by said
virtual machine by effectively by-passing said second virtual machine.

5. (currently amended) The method of claim 3 wherein at least one synthetic
instruction of said synthetic instructions is usable in both a user mode and a 
privileged mode. 

6. (currently amended) The method of claim 3 wherein at least one synthetic 
instruction of said synthetic instructions has no corollary to an existing x86 
instruction. 

7. (currently amended) The method of claim 3 wherein at least one synthetic 
instruction of said synthetic instructions is an instruction for disabling direct 
execution (e.g., VMDXDSBL).

8. (canceled) 

9. (original) The method of claim 3 wherein, for an instruction that is replaced with 
a synthetic instruction, the synthetic instruction is semantically similar to the 
instruction that is being replaced. 

10. (original) The method of claim 9 wherein an instruction of less than five bytes in 
length is replaced with a synthetic instruction of at least five bytes in length (e.g., to 
facilitate patching). 

11. (currently amended) The method of claim 10 wherein an STI instruction is 
replaced with a synthetic instruction that is at least five bytes long (e.g., VMSTI).

12. (currently amended) The method of claim 10 wherein a CLI instruction is 
replaced with a synthetic instruction that is at least five bytes long (e.g., VMCLI).

13. (currently amended) The method of claim 3 wherein a CPUID instruction in the 
guest operating system is replaced with a synthetic instruction (e.g., VMCPUID) that 
reads virtualized CPUID information. 

14. (currently amended) The method of claim 3 wherein at least one multi-processor
spin lock instruction in the guest operating system is supplemented with a synthetic 
instruction (e.g., VMSPLAF) for determining when a spin lock acquisition has failed. 

15. (currently amended) The method of claim 3 wherein a PUSHF(D) instruction in 
the guest operating system is replaced with a synthetic instruction (e.g., 
VMPUSHFD) that pushes IF onto a stack. 

16. (currently amended) The method of claim 3 wherein a POPF(D) instruction in the
guest operating system is replaced with a synthetic instruction (e.g., VMPOPFD) that 
pops IF off of a stack. 

17. (currently amended) The method of claim 3 wherein an instruction that modifies 
a descriptor table entry in the guest operating system is replaced with a synthetic 
instruction (e.g., VMWRDESC) that updates the descriptor table entry, avoiding 
overheads associated with maintaining shadow descriptor tables. 

18. (currently amended) The method of claim 3 wherein an SGDT instruction in the 
guest operating system is replaced with a synthetic instruction (e.g., VMSGDT) that 
stores a current GDT base and length to EAX. 

19. (currently amended) The method of claim 3 wherein a SLDT instruction in the 
guest operating system is replaced with a synthetic instruction (e.g., VMSLDT) that 
stores the current LDT selector to EAX. 

20. (currently amended) The method of claim 3 wherein a SIDT instruction in the 
guest operating system is replaced with a synthetic instruction (e.g., VMSIDT) that 
stores the current IDT base and length to EAX. 

21. (currently amended) The method of claim 3 wherein a STR instruction in the 
guest operating system is replaced with a synthetic instruction (e.g., VMSTR) that 
stores the current TR selector to EAX. 

22. (currently amended) The method of claim 3 wherein a CLI instruction in the
guest operating system is replaced with a synthetic instruction (e.g., VMCLI) that 
clears a virtualized IF. 

23. (currently amended) The method of claim 3 wherein a STI instruction in the 
guest operating system is replaced with a synthetic instruction (e.g., VMSTI) that sets 
a virtualized IF. 

24. (currently amended) The method of claim 3 wherein a synthetic instruction for 
halting the processor (e.g., VMHALT) can be executed as user-level guest code. 

25. (currently amended) A method for [[an]] a guest operating system to determine 
whether it is running on a virtualized processor or running directly on an x86 
processor, said method comprising: 

executing a synthetic instruction (e.g., VMCPUID) for returning a value 
representing an identity for the central processing unit; 

wherein said synthetic instruction is configured to be executed from any 
privileged level; 

if a value is returned, then concluding that the operating system is running on 
a virtualized processor, and thereafter utiliz[[e]]ing synthetic instructions[[,]];

wherein said synthetic instructions are configured to cause at least one
exception to be trappable by a virtualization layer, and wherein said synthetic
instructions are illegal to said processor architecture; and 

if an exception occurs, then concluding that the operating system is running 
directly on an x86 processor, and thereafter refraining from utilizing synthetic 
instructions. 

26. (original) The method of claim 25 further comprising, if a value is returned, then 
accessing or modifying features or behaviors of the underlying virtual machine 
monitor. 

27. (original) The method of claim 25 wherein the hexadecimal operation code for 
said synthetic instruction is 0F C7 C8 01 00.

DOCKET NO.: MVIR-0101/305147.01
Application No.: 10/685,051
Office Action Dated: January 10, 2008

PATENT
REPLY FILED UNDER EXPEDITED PROCEDURE PURSUANT TO 37 CFR § 1.116

28. (currently amended) A method for improving guest operating system code for 
efficient patching of trappable instructions using a long JMP instruction, said method 
comprising the step of: 

in [[the]] a guest operating system, locating instances of trappable instructions 
that are less than five bytes long, (e.g., STI and CLI including instructions that run 
within ring-0 code [[)and]];

replac[[e]]ing the[[se]] trappable instructions with corresponding synthetic 
instructions that are at least five bytes long (e.g., VMSTI and VMCLI respectively), ; 

wherein said synthetic instructions are configured to cause at least one 
exception to be trappable by a virtualization layer, and wherein said synthetic 
instructions are illegal to a physical processor architecture underlying said guest
operating system.

29. (currently amended) A system for processing synthetic instructions on x86 
processor architectures and their equivalents, including but not limited to the IA32 
architecture, said system comprising:

a subsystem for trapping said synthetic instructions issued by a guest 
operating system after said synthetic instructions cause an exception in the x86 
processor[[,]] 

wherein said synthetic instructions are configured to cause at least one 
exception to be trappable by a virtualization layer, and wherein said synthetic
instructions are illegal to said processor architecture; and

a subsystem for processing said synthetic instructions for the guest operating 
system; 

wherein at least one synthetic instruction of said synthetic instructions is 
configured to enable direct execution within ring 0 layer of privilege.

30. (currently amended) The system of claim 29 further comprising a subsystem 
whereby a synthetic instruction (e.g., VMSPLAF) for determining when a spin lock 
acquisition has failed is trapped and processed. 

31. (currently amended) The system of claim 29 further comprising a subsystem for
processing a synthetic instruction (e.g., VMPUSHFD) for pushing an IF onto a stack. 

32. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMPOPFD) for popping an IF off of a stack. 

33. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMWRDESC) that updates the descriptor 
table entry, avoiding overheads associated with maintaining shadow descriptor tables. 

34. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMSGDT) for storing the current GDT base 
and length to EAX. 

35. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMSLDT) for storing the current LDT 
selector to EAX. 

36. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMSIDT) for storing the current IDT base 
and length to EAX. 

37. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMSTR) for storing the current TR selector 
to EAX. 

38. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMCLI) for clearing a virtualized IF. 

39. (currently amended) The system of claim 29 further comprising a subsystem for 
processing a synthetic instruction (e.g., VMSTI) for setting a virtualized IF. 

40. (currently amended) The system of claim 29 further comprising a subsystem for
processing a synthetic instruction for halting the processor (e.g., VMHALT) can be 
executed as user-level guest code. 

41. (currently amended) The system of claim 29 further comprising a subsystem for 
determining whether said system is running on a virtualized processor or running 
directly on an x86 processor, said subsystem comprising: 

a subsystem for executing a synthetic instruction (e.g., VMCPUID) for 
returning a value representing an identity for features supported by the central 
processing unit; and 

a subsystem for determining if a value is returned and (a) if so, concluding 
that the operating system is running on a virtualized processor, and thereafter utilize 
synthetic instructions, and (b) if not, concluding that the operating system is running 
directly on an x86 processor, and thereafter refrain from utilizing synthetic 
instructions. 

42. (original) The system of claim 41 further comprising a subsystem for accessing 
or modifying features or behaviors of the underlying virtual machine monitor if a 
value is returned. 

43. (original) The system of claim 41 wherein the hexadecimal operation code for 
said synthetic instruction is 0F C7 C8 01 00.

44. (currently amended) The system of claim 29 wherein said synthetic instructions 
comprise a synthetic instruction for disabling direct execution (e.g., VMDXDSBL).

45. (currently amended) The system of claim 29 wherein said synthetic instructions 
comprise a synthetic instruction for enabling (or re-enabling) direct execution (e.g., 
VMDXENBL).

46. (currently amended) The system of claim 29 wherein said synthetic instructions 
comprise: 

a synthetic instruction (e.g., VMPUSHFD) for pushing an IF onto a stack; and 

a synthetic instruction (e.g., VMPOPFD) for popping an IF off of a stack.

47. (currently amended) The system of claim 46 wherein said synthetic instructions 
further comprise: 

a synthetic instruction (e.g., VMSGDT) for storing the current GDT base and 
length to EAX; 

a synthetic instruction (e.g., VMSLDT) for storing the current LDT selector to
EAX;

a synthetic instruction (e.g., VMSIDT) for storing the current IDT base and
length to EAX; and

a synthetic instruction (e.g., VMSTR) for storing the current TR selector to
EAX.

48. (original) The system of claim 46 wherein said synthetic instructions further
comprise:

a synthetic instruction (e.g., VMCLI) for clearing a virtualized IF; and

a synthetic instruction (e.g., VMSTI) for setting a virtualized IF.

49. (original) The system of claim 46 wherein said synthetic instructions further
comprise a synthetic instruction for determining when a spin lock acquisition has
failed is trapped and processed.

50. (currently amended) The system of claim 46 wherein said synthetic instructions
further comprise a synthetic instruction (e.g., VMCPUID) for returning a value
representing an identity for the central processing unit.

51. (original) The system of claim 50 wherein the hexadecimal operation code for
said synthetic instruction is 0F C7 C8 01 00.

52. (currently amended) A computer-readable medium storing thereon
computer-readable instructions for improving processor virtualization in x86 processor
architectures and their equivalents, including but not limited to the IA32 architecture,
said computer-readable instructions comprising:

at least one synthetic instruction that causes an exception in the x86 processor
that is then trapped by a virtual machine monitor running on said x86 processor for 
processing by said virtual machine monitor[[,]] 

wherein said synthetic instruction configured to cause at least one exception to 
be trappable by a virtualization layer, and ; 

wherein said at least one synthetic instruction[[s are]] is illegal to said
processor architecture; and

wherein said exception is a result of the execution of higher privileged code at 
a lower privileged level. 

53. (previously presented) The computer-readable instructions of claim 52 further 
comprising instructions whereby at least one multi-processor spin lock instruction in 
the guest operating system is supplemented with a synthetic instruction (e.g., 
VMSPLAF) for determining when a spin lock acquisition has failed. 

54. (currently amended) The computer-readable instructions of claim 52 further 
comprising a synthetic instruction (e.g., VMCPUID) for returning a value
representing an identity for the central processing unit. 

55. (currently amended) The computer-readable instructions of claim 52 further
comprising a synthetic instruction (e.g., VMPUSHFD) that pushes IF onto a stack. 

56. (currently amended) The computer-readable instructions of claim 52 further 
comprising a synthetic instruction (e.g., VMPOPFD) that pops IF off of a stack. 

57. (currently amended) The computer-readable instructions of claim 52 further 
comprising a synthetic instruction (e.g., VMSGDT) that stores the current GDT base 
and length to EAX. 

58. (currently amended) The computer-readable instructions of claim 52 further 
comprising a synthetic instruction (e.g., VMSLDT) that stores the current LDT 
selector to EAX. 

59. (currently amended) The computer-readable instructions of claim 52 further
comprising a synthetic instruction (e.g., VMSIDT) that stores the current IDT base 
and length to EAX. 

60. (currently amended) The computer-readable instructions of claim 52 further 
comprising a synthetic instruction (e.g., VMSTR) that stores the current TR selector 
to EAX. 

61. (currently amended) The computer-readable instructions of claim 52 further
comprising a synthetic instruction (e.g., VMCLI) that clears a virtualized IF. 

62. (currently amended) The computer-readable instructions of claim 52 further 
comprising a synthetic instruction (e.g., VMSTI) that sets a virtualized IF. 

63. (currently amended) The computer-readable instructions of claim 52 further 
comprising instructions for determining whether said instructions are running on a 
virtualized processor or running directly on an x86 processor, said instructions 
comprising: 

instructions for executing a synthetic instruction for returning a value 
representing an identity for the central processing unit; and 

instructions for determining if value corresponding to an identity for the 
central processing unit is returned and (a) if so, utilizing synthetic instructions, and 
(b) if not, suspending use of synthetic instructions. 

64. (original) The computer-readable instructions of claim 63 wherein the 
hexadecimal operation code for said synthetic instruction is 0F C7 C8 01 00.

65. (currently amended) A system for processing synthetic instructions when 
executing on x86 processor architectures and their equivalents, including but not 
limited to the IA32 architecture, said system comprising: 

removing, replacing, or supplementing instances of one or more of the 
following predefined instructions in the guest operating system: PUSH CS, PUSH 
SS, MOV from SS, CALLF, VERR, VERW, and LAR with synthetic instructions
that are configured to cause at least one exception to be trappable by a virtualization 
layer, and wherein said synthetic instructions are illegal to said processor architecture; 

66. (currently amended) A method for optimizing a guest operating system to 
improve processor virtualization when executing on x86 processor architectures and 
their equivalents, including but not limited to the IA32 architecture, said method 
comprising: 

removing, replacing, or supplementing instances of one or more of the 
following predefined instructions in the guest operating system: PUSH CS, PUSH 
SS, MOV from SS, CALLF, VERR, VERW, and LAR; 

replacing CPUID instructions in the guest operating system with synthetic 
instructions (e.g., VMCPUID) that reads virtualized CPUID information; 

supplementing spin lock instructions in the guest operating system with 
synthetic instructions (e.g., VMSPLAF) for determining when a spin lock acquisition 
has failed; 

replacing PUSHF(D) instructions in the guest operating system with synthetic 
instructions (e.g., VMPUSHFD) for pushing IF onto a stack;

replacing POPF(D) instructions in the guest operating system with synthetic 
instructions (e.g., VMPOPFD) for popping IF off of a stack; 

replacing SGDT instructions in the guest operating system with synthetic 
instructions (e.g., VMSGDT) for storing a current GDT base and length to EAX; 

replacing SLDT instructions in the guest operating system with synthetic 
instructions (e.g., VMSLDT) for storing a current LDT selector to EAX; 

replacing SIDT instructions in the guest operating system with synthetic 
instructions (e.g., VMSIDT) for storing a current IDT base and length to EAX; 

replacing STR instructions in the guest operating system with synthetic 
instructions (e.g., VMSTR) for storing the current TR selector to EAX; 

replacing CLI instructions in the guest operating system with synthetic 
instructions (e.g., VMCLI) for clearing a virtualized IF; 

replacing STI instructions in the guest operating system with synthetic 
instructions (e.g., VMSTI) for setting a virtualized IF. 

67. (currently amended) A method for processing synthetic instructions executable
on a processor architecture, comprising: 

removing, replacing, or supplementing at least one predefined instruction[[s]]
in a guest operating system, running in a virtual machine environment, with synthetic 
instructions; 

determining whether said synthetic instructions are supported by said virtual 
machine environment by executing at least one of said synthetic instructions; 

enabling direct execution of instructions on said processor architecture using 
at least one of said synthetic instructions; 

receiving storing wherein at least one of said synthetic instructions that are is
configured to cause at least one exception trappable by a virtualization layer when
privileged-level code is run at user-level, wherein at least one of said synthetic
instructions are is illegal to said processor architecture; [[and]]

causing said at least one exception to be issued by said processor architecture 
by using at least one of said synthetic instructions; 

invoking a trap handler within said virtualization layer in order to trap said at 
least one exception; 

emulating with said virtualization layer any implied state changes based on 
processing of said at least one exception; and 

returning control to any subsequent instructions of said guest operating
system.
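
The probe of claims 25 to 27 and the trap, emulate and resume steps of claim 67, modelled in C as an added example that is not part of the filing. Only the five-byte encoding comes from the claims; the returned value, the use of EAX for it, and all type and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The 5-byte encoding is the one quoted in claims 27, 43, 51 and 64. */
static const uint8_t VMCPUID_BYTES[5] = { 0x0F, 0xC7, 0xC8, 0x01, 0x00 };

/* Assumption: the claims do not say what value comes back or in which
 * register; a constructed placeholder returned in EAX is used here. */
#define ASSUMED_ID_VALUE 0x12345678u

enum trap_result { TRAP_EMULATED, TRAP_REFLECT_TO_GUEST };

struct guest_cpu {
    const uint8_t *code;  /* guest instruction bytes (constructed input) */
    size_t len;           /* number of valid bytes in code */
    size_t ip;            /* offset of the instruction that faulted */
    uint32_t eax;
};

/* Model of the virtualization layer's invalid-opcode trap handler:
 * recognise the synthetic instruction, emulate its state change and
 * resume at the next instruction; anything else is a genuine illegal
 * opcode and the exception is handed back to the guest. */
enum trap_result on_invalid_opcode(struct guest_cpu *g)
{
    /* Never read past the guest bytes: a truncated match is not a match. */
    if (g->ip > g->len || g->len - g->ip < sizeof VMCPUID_BYTES)
        return TRAP_REFLECT_TO_GUEST;
    if (memcmp(g->code + g->ip, VMCPUID_BYTES, sizeof VMCPUID_BYTES) != 0)
        return TRAP_REFLECT_TO_GUEST;
    g->eax = ASSUMED_ID_VALUE;          /* emulated result */
    g->ip += sizeof VMCPUID_BYTES;      /* skip the 5-byte instruction */
    return TRAP_EMULATED;
}

/* Guest-side probe: returns 1 (a value came back, keep using synthetic
 * instructions) or 0 (an exception reached the guest, stop using them).
 * vmm_present models whether a virtualization layer sits below. */
int guest_probe(struct guest_cpu *g, int vmm_present)
{
    /* On a physical processor the encoding is illegal and nothing
     * emulates it, so the guest's own handler sees the exception. */
    if (!vmm_present)
        return 0;
    return on_invalid_opcode(g) == TRAP_EMULATED;
}
```

The length check before the comparison matters in a real handler: the faulting bytes are guest-controlled, so the handler must not read beyond what is mapped when deciding whether an exception is a synthetic instruction.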